48 lines
1.4 KiB
TypeScript
48 lines
1.4 KiB
TypeScript
import {
|
|
ApiResponse,
|
|
Authorizer,
|
|
ConfigType,
|
|
ValidateJWTTokenInput,
|
|
ValidateJWTTokenResponse,
|
|
} from '@authorizerdev/authorizer-js'
|
|
import Server, { onAuthenticatePayload } from '@hocuspocus/server';
|
|
|
|
const authorizer = new Authorizer({
|
|
clientID: process.env.AUTHORIZER_CLIENT_ID,
|
|
authorizerURL: 'https://auth.discours.io',
|
|
redirectURL: 'https://testing.discours.io',
|
|
} as ConfigType)
|
|
|
|
const server = await Server.configure({
|
|
port: 4242,
|
|
async onConnect({ connection }) {
|
|
connection.requiresAuthentication = true
|
|
},
|
|
async onAuthenticate(data: onAuthenticatePayload) {
|
|
|
|
if (data.requestHeaders) {
|
|
const params: ValidateJWTTokenInput = {
|
|
token_type: 'access_token',
|
|
token: data.requestHeaders['authorization'] || '',
|
|
}
|
|
if (params.token) {
|
|
// NOTE: ожидаем, что клиент отправит токен
|
|
const response: ApiResponse<ValidateJWTTokenResponse> = await authorizer.validateJWTToken(params)
|
|
if (response?.data?.is_valid) {
|
|
const { sub: user, allowed_roles: roles } = response.data.claims
|
|
console.debug(`user_id: ${user} roles: ${roles}`)
|
|
return {
|
|
id: user,
|
|
roles
|
|
}
|
|
} else {
|
|
console.error('no valid auth token presented')
|
|
throw new Error("Not authorized!")
|
|
}
|
|
}
|
|
}
|
|
},
|
|
}).listen()
|
|
|
|
server.listen()
|